This article is part of the unfortunately confusing world of Authentication in Rails. If you manage to get a grip on things from this large collection of web pages (many of them sadly out of date), please contribute! (see WhatCanIDo)
What is OpenID?
OpenID is a decentralized URL based identity system. An OpenID is simply a URL, and all the OpenID specification does is describe a way to securely prove that the user owns that URL.
OpenID is useful for Rails programmers because:
- Provides a single sign on mechanism.
- Lets you focus on your application code instead of building the standard password infrastructure (hash, change, verify, recover). Authentication is handled by the user’s OpenID server, and you don’t have to know anything about it.
- Lowers the bar for user signup/login. Users who already have an OpenID won’t have to create another site-specific username and password.
- Enables cross-site reputation building. For example, you can assert that a user on site A is the same user on site B, and start building trust and/or relationships based on those assertions.
Where can my users get an OpenID?
Register with an OpenID identity provider, like MyOpenID.com or PiP
Libraries
- Ruby OpenID library – OpenID consumer and server library. Apache license.
gem install ruby-openid - Core team Rails plug-in
General OpenID resources
- http://openid.net/ (Spec)
- http://www.openidenabled.com/ (Libraries and resources)
- http://www.openidenabled.com/openid/openid-protocol High level explanation of the OpenID protocol, with diagrams
- http://en.wikipedia.org/wiki/OpenID
- http://openid.net/wiki/ OpenID Wiki
Example code
- Instiki example that uses OpenID whitelists for protected webs
- OpenidLoginGenerator
- OpenID Consumer Plugin
- Simple OpenID Guestbook
- Example of using OpenID with restful_authentication
- Example of using OpenID with acts_as_authenticated
- RailsCast example of using OpenID authentication with restful_authentication